<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body>
<div class="moz-cite-prefix">On 02/26/2015 02:13 AM, Brian Leathem
wrote:<br>
</div>
<blockquote
cite="mid:CAMoQiaNkHxumY-EBAsu2jonbD-_Vi62uzk3EBV3dkt3CR0HWSQ@mail.gmail.com"
type="cite">
<p dir="ltr">One way to make this work would be to move the
Aerogear Oauth2 API altogether to an intent based one. Users
would start an intent to retrieve an Oauth2 token, which we
would deliver to their #onActivityResult method, regardless of
the mechanism we use.</p>
<p dir="ltr">This would also allow us to resolve AGDROID-319
elegantly.</p>
</blockquote>
Yup. I made 319 while trying to do what you are currently doing.<br>
<br>
I really, really, REALLY wish Google hadn't made Android a class and
had gone for an injection/composition programming model instead.
It's like they weren't even paying any attention to academic and
professional literature about OO and Java in 2006...<br>
<br>
<blockquote
cite="mid:CAMoQiaNkHxumY-EBAsu2jonbD-_Vi62uzk3EBV3dkt3CR0HWSQ@mail.gmail.com"
type="cite">
<div class="gmail_quot<blockquote class=" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>Hello all,<br>
<br>
So I've gotten pretty close in my implementation, but I've
got one blocker:<br>
<br>
The account selection and Oath2 token request are initiated
using an intent. The result is then retrieved by
implementing the #onActivityResult method of the initial
activity. The problem I'm facing is the original activity
exists in the user's application. Nesting activities isn't
a solution, as I still don't have access to the top-level
activity.<br>
<br>
Implementing this purely as a cordova plugin is trivial, as
I can just @Override the #onActivityResult of the
CordovaPlugin class.<br>
<br>
Do any Android experts have a recommendation on how I can
implement this as a generic Android library in
android-authz?<br>
<br>
Alternatively if we implement this directly in the
oauth2-codova plugin I have everything we need already
complete.<br>
<br>
Brian<br>
<br>
On 2015-02-25 10:44 AM, Daniel Passos wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>
<p style="margin:1.2em 0px!important">Hey Brian,</p>
<p style="margin:1.2em 0px!important">You can. but not
necessarily need do that.. You can create your own
workflow.</p>
<p style="margin:1.2em 0px!important">Just implement
your own:</p>
<ul style="margin:1.2em 0px;padding-left:2em">
<li style="margin:0.5em 0px">
<p style="margin:0.5em 0px!important">OAuth2AuthroizationConfigurationProvider</p>
</li>
<li style="margin:0.5em 0px">
<p style="margin:0.5em 0px!important">AuthorizationConfiguration</p>
</li>
<li style="margin:0.5em 0px">AuthzModule.java</li>
</ul>
<p style="margin:1.2em 0px!important">And let the <code
style="font-size:0.85em;font-family:Consolas,Inconsolata,Courier,monospace;margin:0px
0.15em;padding:0px
0.3em;white-space:pre-wrap;border:1px solid
rgb(234,234,234);border-radius:3px;display:inline;background-color:rgb(248,248,248)">AuthorizationManager</code>
know[1] your new Authz</p>
<pre style="font-family:Consolas,Inconsolata,Courier,monospace;font-size:1em;line-height:1.2em;margin:1.2em 0px"><code style="font-size:0.85em;font-family:Consolas,Inconsolata,Courier,monospace;margin:0px 0.15em;white-space:pre-wrap;overflow:auto;border-radius:3px;border:1px solid rgb(204,204,204);padding:0.5em;color:rgb(51,51,51);display:block!important;background:rgb(248,248,255)">AuthorizationManager.registerConfigurationProvider(YourNewAuthorizationConfiguration, new YourNewOAuth2AuthroizationConfigurationProvider)
</code></pre>
<p style="margin:1.2em 0px!important">[1] <a
moz-do-not-send="true"
href="https://github.com/aerogear/aerogear-android-authz/blob/master/aerogear-android-authz/src/main/java/org/jboss/aerogear/android/authorization/AuthorizationManager.java#L37-L41"
target="_blank">https://github.com/aerogear/aerogear-android-authz/blob/master/aerogear-android-authz/src/main/java/org/jboss/aerogear/android/authorization/AuthorizationManager.java#L37-L41</a></p>
<p style="margin:1.2em 0px!important">-- Passos</p>
<div
title="MDH:PGRpdj5IZXkmbmJzcDtCcmlhbiw8L2Rpdj48ZGl2Pjxicj48L2Rpdj5Zb3UgY2FuLiBidXQgbm90IG5lZWQgbmVjZXNzYXJpbHkgZG8gdGhhdC4uIFlvdSBjYW4gY3JlYXRlIHlvdXIgb3duIHdvcmtm
bG93LjxkaXY+PGJyPjwvZGl2PjxkaXY+SnVzdCBpbXBsZW1lbnQgeW91ciBvd246PC9kaXY+PGRp
dj48YnI+PC9kaXY+PGRpdj4qJm5ic3A7T0F1dGgyQXV0aHJvaXphdGlvbkNvbmZpZ3VyYXRpb25Q
cm92aWRlcjxicj48L2Rpdj48ZGl2PiombmJzcDtBdXRob3JpemF0aW9uQ29uZmlndXJhdGlvbjwv
ZGl2PjxkaXY+KiZuYnNwO0F1dGh6TW9kdWxlLmphdmE8L2Rpdj48ZGl2Pjxicj48L2Rpdj48ZGl2
PkFuZCBsZXQgdGhlIGBBdXRob3JpemF0aW9uTWFuYWdlcmAga25vd1sxXSB5b3VyIG5ldyBBdXRo
ejwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXY+YGBgPC9kaXY+PGRpdj5BdXRob3JpemF0aW9uTWFu
YWdlci5yZWdpc3RlckNvbmZpZ3VyYXRpb25Qcm92aWRlcihZb3VyTmV3QXV0aG9yaXphdGlvbkNv
bmZpZ3VyYXRpb24sIG5ldyBZb3VyTmV3T0F1dGgyQXV0aHJvaXphdGlvbkNvbmZpZ3VyYXRpb25Q
cm92aWRlcik8L2Rpdj48ZGl2PmBgYDwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXY+WzFdJm5ic3A7
aHR0cHM6Ly9naXRodWIuY29tL2Flcm9nZWFyL2Flcm9nZWFyLWFuZHJvaWQtYXV0aHovYmxvYi9t
YXN0ZXIvYWVyb2dlYXItYW5kcm9pZC1hdXRoei9zcmMvbWFpbi9qYXZhL29yZy9qYm9zcy9hZXJv
Z2Vhci9hbmRyb2lkL2F1dGhvcml6YXRpb24vQXV0aG9yaXphdGlvbk1hbmFnZXIuamF2YSNMMzct
TDQxPC9kaXY+PGRpdj48YnI+PC9kaXY+"
style="min-height:0px;width:0px;max-height:0px;max-width:0px;overflow:hidden;font-size:0em;padding:0px;margin:0px"><br>
</div>
<div
title="MDH:PGRpdj5IZXkmbmJzcDtCcmlhbiw8L2Rpdj48ZGl2Pjxicj48L2Rpdj5Zb3UgY2FuLiBidXQgbm90IG5lZWQgbmVjZXNzYXJpbHkgZG8gdGhhdC4uIFlvdSBjYW4gY3JlYXRlIHlvdXIgb3duIHdvcmtm
bG93LjxkaXY+PGJyPjwvZGl2PjxkaXY+SnVzdCBpbXBsZW1lbnQgeW91ciBvd246PC9kaXY+PGRp
dj48YnI+PC9kaXY+PGRpdj4qJm5ic3A7T0F1dGgyQXV0aHJvaXphdGlvbkNvbmZpZ3VyYXRpb25Q
cm92aWRlcjxicj48L2Rpdj48ZGl2PiombmJzcDtBdXRob3JpemF0aW9uQ29uZmlndXJhdGlvbjwv
ZGl2PjxkaXY+KiZuYnNwO0F1dGh6TW9kdWxlLmphdmE8L2Rpdj48ZGl2Pjxicj48L2Rpdj48ZGl2
PkFuZCBsZXQgdGhlIGBBdXRob3JpemF0aW9uTWFuYWdlcmAga25vd1sxXSB5b3VyIG5ldyBBdXRo
ejwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXY+YGBgPC9kaXY+PGRpdj5BdXRob3JpemF0aW9uTWFu
YWdlci5yZWdpc3RlckNvbmZpZ3VyYXRpb25Qcm92aWRlcihZb3VyTmV3QXV0aG9yaXphdGlvbkNv
bmZpZ3VyYXRpb24sIG5ldyBZb3VyTmV3T0F1dGgyQXV0aHJvaXphdGlvbkNvbmZpZ3VyYXRpb25Q
cm92aWRlcik8L2Rpdj48ZGl2PmBgYDwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXY+WzFdJm5ic3A7
aHR0cHM6Ly9naXRodWIuY29tL2Flcm9nZWFyL2Flcm9nZWFyLWFuZHJvaWQtYXV0aHovYmxvYi9t
YXN0ZXIvYWVyb2dlYXItYW5kcm9pZC1hdXRoei9zcmMvbWFpbi9qYXZhL29yZy9qYm9zcy9hZXJv
Z2Vhci9hbmRyb2lkL2F1dGhvcml6YXRpb24vQXV0aG9yaXphdGlvbk1hbmFnZXIuamF2YSNMMzct
TDQxPC9kaXY+PGRpdj48YnI+PC9kaXY+"
style="min-height:0px;width:0px;max-height:0px;max-width:0px;overflow:hidden;font-size:0em;padding:0px;margin:0px"></div>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Feb 25, 2015 at 3:30 PM,
Brian Leathem <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:bleathem@gmail.com" target="_blank">bleathem@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>... and the devil is in the details.<br>
<br>
It seems as though all the current AuzthzModules
use an http based approach to requesting an Oauth2
token. I see this being done in
OAuth2WebFragmentFetchAutorization#doAuthorization
method, where an OAuthWebViewDialog is used to
trigger the Oauth2 token request.<br>
<br>
To use Google Play services to trigger an Oauth2
token request, we won't use an http approach, but
rather we start an activity to select an account
and request an Oauth2 token. Once the token is
retrieved it can then be used with the standard
http Oauth2 API.<br>
<br>
(One caveat: the google play services token
response doesn't provide a refresh token. I
believe this to be a non-issue as the token
request process is trivial when using google play
services (no authentication step)).<br>
<br>
I see to ways to implement this feature:<br>
<br>
1) Generalize the
OAuth2WebFragmentFetchAutorization into an
interface, and have one implementation to handle
http-based token requests, and second
implementation to handle intent-based token
requests.<br>
<br>
2) Add a OAuth2AuthorizationConfiguration option
to use intents instead of http, and trigger a
different workflow within the
OAuth2WebFragmentFetchAutorization#doAuthorization
method if that config is set.<br>
<br>
My preference is for 2) because it's a) simpler,
and b) it is really only during the
#doAuthorization method that we have a different
approach.<br>
<br>
Thoughts? I'll start with implementing approach
(2) unless I hear otherwise.<span><font
color="#888888"><br>
<br>
Brian</font></span>
<div>
<div><br>
<br>
On 2015-02-24 07:25 PM, Matthias Wessendorf
wrote:<br>
</div>
</div>
</div>
<div>
<div>
<blockquote type="cite"><br>
<br>
On Wednesday, February 25, 2015, Daniel Passos
<<a moz-do-not-send="true"
href="mailto:daniel@passos.me"
target="_blank">daniel@passos.me</a>>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex">
<div dir="ltr">No, we are not using Google
Play services API for now for OAuth2 in
Android land.
<div><br>
</div>
<div>But feel free create a new
AuthzModule[1] for it ;)</div>
</div>
</blockquote>
<div><br>
</div>
<div>+1<span></span></div>
<div> </div>
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex">
<div dir="ltr">
<div><br>
</div>
<div>[1] <a moz-do-not-send="true"
href="https://github.com/aerogear/aerogear-android-authz/blob/master/aerogear-android-authz/src/main/java/org/jboss/aerogear/android/authorization/AuthzModule.java"
target="_blank">https://github.com/aerogear/aerogear-android-authz/blob/master/aerogear-android-authz/src/main/java/org/jboss/aerogear/android/authorization/AuthzModule.java</a><br>
<div><br>
</div>
<div>-- Passos</div>
</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Feb 24,
2015 at 4:01 PM, Sebastien Blanc <span
dir="ltr"><<a
moz-do-not-send="true">scm.blanc@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div dir="ltr">Cool stuff Brian !
<div>The AeroGear OAuth2 Cordova
plugin relies on the Native
AeroGear OAuth2 Libraries, so
maybe Summers and/or Daniel could
tell more about it. </div>
<div>Sebi</div>
<div> </div>
</div>
<div>
<div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue,
Feb 24, 2015 at 7:46 PM, Brian
Leathem <span dir="ltr"><<a
moz-do-not-send="true">bleathem@gmail.com</a>></span>
wrote:<br>
<blockquote
class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">Hey
gear-heads,<br>
<br>
I recently wrote a Cordova
plugin that retrieves a
Oauth2 token on<br>
Android using Google Play
Services. The advantage of
this approach is<br>
it leverages the
single-sign-on capabilities
of android, and the app can<br>
retrieve the Oauth2 token
without requiring
Authentication from the<br>
user. I blogged about it
here:<br>
<br>
<a moz-do-not-send="true"
href="http://www.bleathem.ca/blog/2015/02/cordova-oauth-google-services.html"
target="_blank">http://www.bleathem.ca/blog/2015/02/cordova-oauth-google-services.html</a><br>
<br>
Using a promise-based API
it's fairly trivial to
fallback to a<br>
traditional Web
authentication/authorisation
for the Oauth2 token when<br>
the google-play-services
approach isn't supported.<br>
<br>
I'm aware the aerogear team
has a Oauth2 cordova plugin
[1], but it's<br>
not clear to me if the
google-play-services
integration is supported.<br>
If the Aerogeam would find
it useful, I'd be more than
happy to provide<br>
a PR to the aerogear cordova
plugin providing such
integration.<br>
<br>
Thoughts?<br>
Brian<br>
<br>
[1]<br>
<a moz-do-not-send="true"
href="http://staging-aerogearsite.rhcloud.com/docs/specs/aerogear-cordova/OAuth2.html"
target="_blank">http://staging-aerogearsite.rhcloud.com/docs/specs/aerogear-cordova/OAuth2.html</a><br>
_______________________________________________<br>
aerogear-dev mailing list<br>
<a moz-do-not-send="true">aerogear-dev@lists.jboss.org</a><br>
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/aerogear-dev"
target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
<br>
_______________________________________________<br>
aerogear-dev mailing list<br>
<a moz-do-not-send="true">aerogear-dev@lists.jboss.org</a><br>
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/aerogear-dev"
target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
<br>
-- <br>
Sent from Gmail Mobile<br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
aerogear-dev mailing list
<a moz-do-not-send="true" href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a>
<a moz-do-not-send="true" href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
_______________________________________________<br>
aerogear-dev mailing list<br>
<a moz-do-not-send="true"
href="mailto:aerogear-dev@lists.jboss.org"
target="_blank">aerogear-dev@lists.jboss.org</a><br>
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/aerogear-dev"
target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
aerogear-dev mailing list
<a moz-do-not-send="true" href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a>
<a moz-do-not-send="true" href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></pre>
</blockquote>
<br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
aerogear-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Summers Pittman
>>Phone:404 941 4698
>>Java is my crack.
</pre>
</body>
</html>